2 matches found
Insufficient Session Expiration
Overview Affected versions of this package are vulnerable to Insufficient Session Expiration such that the token used in the password reset links remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. Remediation...